Protection of digital data content

ABSTRACT

Various embodiments include an apparatus, system, and method to control the distribution and usage of copyrighted digital content. The processing of a data file received over a communications network such as the Internet occurs both in a host digital appliance, such as a personal computer, notebook computer, audio player, video player, and the like, and in a very small digital rights management (DRM) module that is removably connected with the host. The processing makes it extremely difficult for the content of the data file to be obtained by an unauthorized person and/or utilized with an unauthorized DRM module.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of provisional patent applicationSer. No. 60/541,279, filed Feb. 3, 2004. This application is alsorelated to patent application Ser. No. 10/227,155, filed Aug. 23, 2002,and published under no. 2004/0039932A1 on Feb. 26, 2004. Both of theseapplications are incorporated herein in their entirety by this referencefor all purposes.

BACKGROUND

This invention generally relates to the field of digital rightsmanagement, and more particularly, to methods of remotely enforcingdigital content policy.

The Internet worldwide network, as well as other data communicationnetworks, enables many digital appliances to interconnect and exchangeinformation. Digital appliances include personal computers, laptopcomputers, tablet computers, PDAs, mobile phones, MP3 players, DVDplayers, gaming consoles, digital recording devices such as digitalcameras, and others. A particular use of the Internet, and othernetworks such as cable and satellite or a corporate or organizationnetwork is to distribute digital files, specifically digital contentfiles.

A Digital Content File is data which has an end use of being eitherviewed, listened to, read, played, executed, or otherwise utilized by anend user, and at some point prior to end use is stored and/orrepresented in numerical form. A Digital Content File may be an audiofile, a video file, a software file, an electronic book, a document, acomputer game or other types of content.

A Copyrighted Digital Content File is a Digital Content File which haslegal limitations on at least one end use. For example, a user may notcreate a copy of, distribute, modify, sell, and/or perform other enduses of a Copyrighted Digital Content File, without receiving permissionfrom the copyright owner. Examples of Copyrighted Digital Content Filesare commercial movies, commercial music, electronic books, software,computer games, and the like.

The raw digital representation of high quality multimedia files such asaudio and video uses high rate of data sampling to turn analoginformation into digital data. This representation consumes largequantities of storage. For example a WAV format file which represents atypical audio clip of 3 minutes length, can easily be larger than 30Megabytes in size. A typical 60 second video clip can take up 1.5 GBwhen not compressed. Transferring data over a network such as theInternet has a cost that may be quantified both in monetary terms and inrespect to time needed to transfer information. The larger the files totransfer, the more time the transfer will take, and for connections thatare paid for according to connection time, the more it will cost.

In order to reduce the time and cost of storing and/or transferringdigital multimedia files over a network, experts in the field devisedsophisticated algorithms that compress the digital content files tosmaller files. Although the compression techniques are usually lossy(the data cannot be exactly restored when decompressing), standardcompression and decompression techniques for audio and video produce aresult that is usually negligibly different for human ears and/or eyes.Good compression techniques can reduce an audio file to ten percent ofits original size, and a video file can be compressed much more. Takingthe above example of a 3 minute song coded in WAV at 30 MB, a compressedversion can take up only 3 MB of memory.

The most famous family of compression techniques is collectively knownas Moving Picture Expert Group (MPEG) (see www.mpeg.org). One of thesubfamilies of MPEG audio compression techniques is called MP3, shortfor Moving Picture Expert Group Audio Layer 3.

In order to play an MP3 audio file on a computer or MP3 player, arendering software and/or hardware application that decompresses thefile and sends a bit stream to the audio equipment that drives thespeakers is utilized. An example of such software is Winamp by Nullsoft(http://www.winamp.com/). There exist applications that can render bothaudio and video for example Microsoft Media Player(http://www.microsoft.com/).

The advent of the Internet and MP3 compression in the late 1990'sbrought about a revolution in music distribution worldwide. Peer to Peersystems were created in which one person would copy music from a CD to acomputer, compress it to MP3 format and then share it with tens,hundreds and even thousands of other people, by sending the files overthe Internet. The most famous example of a software system that providedapplication infrastructure for the sharing of digital music files isNapster, by a company of the same name. Napster was ordered to shut downby a US court, because the system was used mostly for sharingcopyrighted music files, without providing compensation to the artistsand the recording companies that produced these works. Although Napsterin its original form no longer exists, many similar services aboundtoday, in which users from all over the world may share digital contentof any sort, including music, movies, software applications, games, andother files.

Content owners have been trying to fight this phenomenon since it began,claiming a sharp decrease in their revenues due to digital content“piracy”. So far, content owners such as recording companies and moviestudios have met with very limited success in their attempts at usingtechnological solutions to solve these problems.

Although free content downloading applications abound, pay services fordigital content such as music have also appeared recently by vendorssuch as RealNetworks (http://www.listen.com/), Apple(http://www.apple.com/itunes/), and Microsoft MSN Music Club in Europe.Users pay a fee per song, which is then downloaded to their computer,and which they can then play or copy to CDs or other devices.Alternatively, users subscribe for unlimited access to songs for a givenperiod of time. These services do specify to users what they may do withthe files once they are downloaded, but are not successful in enforcingthe specified usage policies.

In order to combat downloading and sharing of copyrighted digitalcontent by parties that are not licensed to do so, and to enforce use ofdigital content according to license, various protection methods areemployed by content owners. The collective term for the control ofdistribution and usage of digital content is Digital Rights Management(hereafter DRM). DRM systems typically involve cryptographic methods forthe secure distribution of the content between a contentrepository/server and a digital appliance. Such methods typicallyrequire the appliance to include an implementation of cryptographicalgorithms and hold cryptographic keys in order to gain access to thecontent.

In many cases the software application used to render the digitalcontent implements some form of DRM that is engaged when the userattempts to access the digital content, for example MicrosoftMediaPlayer which is used to view video files and listen to audio files,has built in DRM functionality. One of the operations performed by suchan application is the process of decrypting the content file usingcryptographic methods and cryptographic keys. In order to execute suchoperations, the application must have access to the cryptographicmethods and keys; therefore the cryptographic methods and keys mustreside within the reach of the application. Typically the cryptographicmethods, the keys, or both, reside within the application, in thedigital content file itself, or somewhere within the digital appliancestorage.

A digital appliance such as a computer or PDA is typically an openplatform enabling computer programmers to develop programs for it. Insome cases, software programs are developed for the purpose of hackingand locating the cryptographic keys and algorithms of a DRM system, inorder to circumvent the DRM and gain access to the content. This processis generally called an “attack” and if it succeeds it is commonlyreferred to as a “crack” or a “hack” to the DRM system. A computerprogram that performs this function is referred to hereafter as ahacking program or a cracking program.

Examples of successful attacks are well known in the art. In 2001Microsoft's Media Player was cracked by a programmer using the pseudonym“Beale Screamer”(http://news.com.com/2100-1023-274721.html?legacy=cnet).

Other forms of attacks include using programming tools. For example,software debuggers track and trap the digital content information afterthe rendering application has decrypted it, retrieving the “protected”information. Such information includes the digital content file andmetadata describing how it is to be rendered. A hacking program thatcracks the application and releases this information from the DRM systemenables the construction of unauthorized copies of the original digitalcontent file.

As a countermeasure, DRM systems can use more sophisticatedcryptographic schemes and code obfuscation techniques. Other methodsinclude adding tamper resistant hardware to store the cryptographickeys. Examples of such methods are cryptographic tokens such as iTokenby Rainbow Technologies Inc. (http://www.rainbow.com/ikey/index.html) orusing a smart card to store cryptographic keys and optionallycryptographic algorithms. Such solutions either reveal the cryptographickey to the digital appliance in the process of decrypting theinformation, or internally perform the cryptographic functions butreveal the end result in a raw form that can then be accessed.

A side effect that arises from the above content protection methods isthat the software application that renders the digital content takes anactive part in the protection process by implementing the abovementioned cryptographic methods and code obfuscation. Since the contentprotection implementation must be kept secret, it can be known solely bythe organization that developed the software application. Furthermore,the content itself must be amended with cryptographic keys and data thatare known only to that specific implementation, making the specificsoftware application be the only software piece that can decrypt andrender the content. By tying content to be used by a specific softwareapplication, the type and variety of digital appliances that may beutilized to use the content is limited to the type and variety of theconsumer electronic appliances that the organization that developed theapplication decides to support.

The above methods have proven to slow, but not halt, an adversary. Givenenough time and effort, a computer program that cracks a DRM system maybe written. It can be appreciated by those skilled in the art that suchsuccessful attacks are easier to carry out on software applications thatexecute in an open development environment that enables programmers todevelop software programs. Similarly, cryptographic co-processors leavethe content vulnerable after decryption.

Another method that is partially effective in preventing digital contentfiles from being copied and disseminated without control is thestreaming of digital content files such as audio and video files tousers. In this scenario, files are not downloaded to be stored on adigital appliance but rather “broadcast” much like a radio program. Thisensures that only a small block of the content is present on the digitalappliance at each given moment. The downside of this is that a user mustbe connected to the streaming, source or online during the entireduration of the music program or movie. Another problem with streamingis that, in contrast to a file that is saved on the digital appliancestorage, a user that has paid for content that is streamed cannot accessthe content at all times. Another shortcoming of streaming is thatprograms exist today for recording the streamed content andreconstructing a digital copy of the original digital content, withoutcreating a noticeable difference to the human eye or ear.

To summarize the problems with existing solutions for distribution andcontrol of copyrighted digital content, existing art stores encryptedcopyrighted digital content and rendering software applications in opencomputing systems that are easy to crack. By tying digital content to aspecific format and a specific rendering software application, thenumber of different types of digital appliances that can be utilized foran end-use of the digital content is limited. Furthermore, streamingsolutions are inconvenient for users and easily circumvented.

There is clearly an unmet need for a system, apparatus, and method forenabling users to possess and use copyrighted digital content but withinlimitations specified by the owners of the copyright.

SUMMARY OF THE INVENTION

The above-mentioned disadvantages and problems are addressed by thepresent invention, which will be understood by reading the followingspecification.

It is an object of the present invention to provide a DRM device.

It is another object of the present invention to provide a method forpreparing copyrighted digital content for usage with a DRM device.

It is yet another object of the present invention to provide a methodand system for distributing and rendering copyrighted digital contentusing a DRM device.

In some embodiments the following steps occur. Before distribution, theoriginal copyrighted digital content is processed to produce two or moreparts (hereafter files) such that each one separately is not sufficientfor end use of the copyrighted digital content. The processing of thecopyrighted digital content into two files is explained in detailhereafter. The two resulting processed files are recombined into aunified file which is compressed and encrypted in order to bedistributed over a network. In some embodiments the unified file maycontain additional data. The unified file is distributed over a networkto a digital appliance with a DRM device connected to it. The receivedunified file is stored in the DRM device. The DRM device separates theunified file into the two files. At the appropriate time, one file orsection of a file is sent to the digital appliance for processing andthe second file or section of the second file is processed internal tothe DRM device. At the appropriate timing, the result of such processingis combined either inside the DRM device or in the digital appliance toproduce data and content that can be used by an end user. At no pointduring this process is the complete set of original content available onthe digital appliance nor is the complete set of processing algorithmsused to produce the useable content available on the digital appliance,hence open for the possibility of hacking.

The DRM device can process policies such as expiration, limited numberof uses, replication, and other usage policies for rendering the contentfile on the digital appliance. If a user is not allowed to use a certaincopyrighted digital content file, then the production process is notinitiated.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, aspects and advantages will be betterunderstood from the following detailed description of embodiments of theinvention with reference to the drawings, wherein:

FIG. 1 is a schematic block diagram of an embodiment of the DRM device;

FIG. 2 is a schematic block diagram of an embodiment of the system;

FIG. 3 is a flowchart of an exemplary method for preparing a digitalcontent file for use with the DRM device;

FIG. 4 is a flowchart of an exemplary method for rendering a digitalcontent file using the DRM device;

FIG. 5 illustrates in a different format the processing of FIG. 3 thatprepares a digital content file for use with the DRM device;

FIG. 6 illustrates in a different format the processing of FIG. 4 thatrenders a digital content file using the DRM device;

FIG. 7 shows in a different format a part of the signal processingincluded in FIGS. 3-6;

FIG. 8 is a block diagram of an example implementation of the DRM devicewithin a flash drive that is removably connectable to a digitalappliance host; and

FIG. 9 schematically illustrates a mechanical configuration of the flashdrive DRM device and digital appliance host of FIG. 7.

DESCRIPTION OF EXEMPLARY EMBODIMENTS

In the following detailed description of exemplary embodiments of theinvention, reference is made to the drawings that illustrate specificexemplary embodiments in which the invention may be practiced. Thoseskilled in the art will appreciate that other embodiments may beutilized without departing from the spirit of the present invention;therefore the following detailed description of the invention should notbe taken in a limiting sense.

FIG. 1 is a diagram of an exemplary embodiment of the DRM devicehardware 110, which includes a central processing unit (CPU) 112, anoptional system memory 113, an optional co-processor chip 119 anoptional non-volatile storage 114, and an interface 115 to connect thedevice 110 to a digital appliance 120. There may be only one or aplurality of central processing units 112, as there may optionally beonly one or a plurality of system memory 113 or non-volatile storage114. There may be only one or a plurality of interfaces 115; theinvention is not so limited. The non-volatile storage 114 may beincluded in the CPU 112 or be discrete from the CPU 112; generally,components or subcomponents of the DRM device hardware 110 may becombined with other components or subcomponents of the DRM device forhigher integration and perhaps lower cost.

The CPU 112 may be a general purpose CPU or a CPU with dedicatedfunctions. Furthermore the CPU 112 may include internal memory, andinternal non-volatile storage which in the description of the presentinvention may serve a similar purpose of the system memory 113, and/ornon-volatile storage 114 respectively. The CPU 112, the non-volatilestorage 114, and/or other components may be implemented as a tamperresistant hardware, or sections of the CPU 112, the non-volatile storage114, and/or other components may be tamper resistant; the invention isnot so limited.

The non-volatile storage 114 may be any of several types of storageincluding semiconductor based media such as read only memory (ROM),electronic erasable programmable read only memory (EEPROM), flash memoryor battery backed up random access memory (RAM), or magnetic mediastorage such as hard disk drive or floppy disk, or the like, or othertypes of non-volatile storage, this invention is not so limited.

The interface 115 can connect the DRM device 110 with a digitalappliance 120 in both physical- and communication aspects. The physicalaspect can be, for example directly, through one or more cables, and/orwireless. The communication aspect of the interface 115 allows dataexchange between the DRM device and the digital appliance. The interface115 may be any of several types of interfaces, for example PCI, ISA,Universal Serial Bus (USB), FireWire, IDE, SCSI, RS-232 or other serialinterface, parallel interface, Compact Flash (CF) interface, Sony MemoryStick interface, Multimedia Card (MMC), secure digital (SD), mini securedigital, extreme digital (xD), Bluetooth, Infiniband, mobile phoneinterface, PDA interface, and/or any other type of interface that may beused to connect a DRM device with a digital appliance.

The Digital Appliance 120 is used by an end user for some end use of oneor more digital content files. Digital appliance 120 may be any ofseveral types of devices, for example a PC, laptop, tablet computer,PDA, mobile phone, mp3 player, DVD player, personal video player,programmable consumer electronics, or any other device that may be usedwith digital content.

The non-volatile storage 114 contains instructions which may be executedby the CPU 112. The non-volatile storage 114 further may contain: anoptional unique device serial number, a method of authentication such asa unique pair of public and private cryptographic keys and a signedauthenticity certificate. The instructions stored in the non volatilestorage 114 allow the digital appliance 120 to access a portion of thenon volatile storage 114 through the interface 115, but prevent accessto another portion of the non volatile storage 114, including a portionthat stores the private cryptographic key and a portion that storesinstructions that execute in a closed environment without enabling useraccess. The non-volatile storage may also store a plurality of methodsfor authentication; the invention is not so limited.

The optional co-processor chip 119 may be used in conjunction with CPU112 in processing and formatting content for end use, such as audio,video, games and the like content, thus achieving higher computingcapability. Co-processor chip 119 may process none, some, parts or allof the digital content; the invention is not so limited.

Examples of co-processor chips used to decode video are EM8485 MPEG-4Decoder for Set-top Appliances and Media Gateways by Sigma Designs(http://www.sigmadesigns.com/products/em8485.htm) and the like.

FIG. 2 is a diagram of an exemplary embodiment of the system whichincludes a DRM device 210 with an interface 215, a digital appliance 220with an interface 221 which matches the interface 215 of the DRM device210, a user interface 222 on which a processed digital content may bepresented (for example as a video, visual image, synthesized audio,synthesized video games or other form) to the user, a network 230, acontent server 240 which is a computer that can transfer digital contentover the network and a license server 250 which is a computer that maytransfer authentication and/or decryption and/or policy and/orformatting information over the network. According to one embodimentthis information is embedded in one or more files. According to someembodiments, none, some, or all of the digital content may becopyrighted, the invention is not so limited. The system may include aplurality of DRM devices 210, digital appliances 220, content servers240 and license servers 250, the invention is not so limited.

The interface 221 connects the digital appliance 220 with a DRM device210. The interface 221 may be any of several types that may be used toconnect a device with a digital appliance. The interface 221 of thedigital appliance 220 matches the type of interface 215 of the DRMdevice in a form that enables information to pass between the DRM device210 and the digital appliance 220.

The content server 240 is a computer that can be accessed through anetwork 230 such as the Internet network. The content server 240 canrespond to requests to download copyrighted digital content such asvideo, audio, ebooks, software, games and the like.

The license server 250 is a computer that can be accessed through anetwork 230 such as the Internet network. A license server 250 canrespond to requests to download information such as authenticationand/or decryption and/or policy and/or formatting information. This datamay include: definition of policies to be used by the DRM devicepolicies, definition of formatting to be used by the DRM deviceformatters, definition of decryption to be used by the DRM devicedecryptors, definition of authentication to be used by the DRM deviceauthenticators, the digital content file, parts of the digital contentfile, information regarding the user, information regarding the rightsof the user to one or more end uses (the user may have access to allpossible end uses or less than all possible end uses) of the digitalcontent file or part of the digital content file, information regardingthe vendor/owner/operator of the system, information regarding thespecific DRM device 210, and other information. The information may beutilized by the DRM device 210 and/or the digital appliance 220. Theinformation may be utilized while the user makes end-use of the digitalcontent or in preparation for enabling the user to make end-use of thedigital content.

According to some embodiments, the content server 240 and the licenseserver 250 are implemented as separate entities that interconnectthrough a network and do not directly interconnect. According to otherembodiments the content server 240 and the license server 250 directlyinterconnect. According to other embodiments the content server 240 andthe license server 250 are implemented as a single entity, the inventionis not so limited.

An authenticator implemented in a DRM device 210 participates in theprocess of authenticating the DRM device to a remote server over anetwork. An authenticator may implement one of several methods ofauthentication including sending a device ID number to the remoteserver. Another authenticator uses an encryption secret key known onlyto the DRM device 210 and the server, and bases the authentication onchallenging the DRM device 210 in order to verify that it has possessionof the secret key. In some embodiments of such an authenticationprocess, the server sends an encrypted message to the DRM device 210,and the authenticator at least decrypts the message and returns it tothe server. In some embodiments, the same key can be used in a varietyof methods to authenticate, for example, by signing a plaintext messageand/or decrypting an encrypted message. In some embodiments, theauthenticator responds to challenges by performing a series ofoperations such as decrypting a message, processing the result,encrypting the result, and returning it to the server for verification.For this authentication process to occur, the secret key may be storedin the DRM device 210 prior to the authentication process. The storedkey can be a single key stored equally on all DRM devices or a dedicatedkey unique to each DRM device 210. In the latter case the server shouldknow in advance which key is stored within which DRM device.

Another method to authenticate uses a public and private key and adigital certificate. In such an embodiment, the authenticator has accessto a private key and a matching public key stored in the DRM device 210.The private key must be kept secret, but the public key may be madepublic. The server may then challenge the authenticator with a messageencrypted with the DRM device 210 public key to ensure it has access tothe matching private key. In some embodiments, the authenticator signs amessage but does not necessarily encrypt the message. Optionally theserver can receive from the DRM device 210 a digital certificate, whichcontains device identification information such as the device serialnumber or device ID and/or the public key of the device and/oradditional information relating to the device, the server, theorganization operating the system or any other information. The DRMdevice 210 identification information is digitally signed by a trustedauthority, such as the vendor of the device, owner of the server, theorganization operating the system and/or another trusted authority toform a digital certificate for that device. Some embodiments of theauthenticator can authenticate the DRM device 210 and/or a user of theDRM device 210.

A decryptor in the DRM device 210 participates in the process oftransforming encrypted digital content or parts of digital content intoa decrypted form. A decryptor may implement one or more of severalmethods: symmetric algorithms such as DES, 3DES, AES, and IDEA; and/orasymmetric algorithms such as RSA, Diffie-Hellman, elliptic curve;and/or others. A decryptor may implement one or a plurality ofdecryption methods. A decryptor may include hashing algorithms such asDSA, MD2, MD4, MD5, HMAC and/or SHA1 and/or others to retrieve asignature and check origin and integrity of the data received. Thedecryption key or plurality of decryption keys for such operations mayoriginate in one or a plurality of sources. For example, decryption keydata can be stored in the non-volatile storage of the DRM device 210,received from the digital appliance 220, and/or received from a networkserver, such as through the digital appliance 220. In some embodiments,the DRM device 210 may receive digital content which is at least partlydecrypted. In such embodiments, obviously the decryptor may or may notprocess the already decrypted portion. The decryptor can at least partlydecrypt—for example, fully decrypt part of a digital content file,and/or perform one or more decryption steps, which can be the completedecryption process or a subset of the complete decryption process, for awhole or part of the digital content. In some embodiments, the digitalcontent can be received at least partly unencrypted.

A policy in the DRM device 210 participates in the process of verifyingthe eligibility of end use of the digital content or part of the digitalcontent, allowing or disallowing operations such as decrypting,formatting, searching, and/or transmitting an output to the digitalappliance. The verification may check one or several eligibilityoptions, including the right to use the digital content, the right touse the digital content up to a certain date, the right to use thedigital content between certain dates, the right to use the digitalcontent after a certain date, the right to use the digital content for acertain accumulated usage time, the right to use the digital content fora certain number of times, the right to transfer the digital content,the right to modify the digital content, the right to add overlayinformation onto the digital content, the right to save the digitalcontent into the DRM device 210 and/or another location, the right tosave the overlay information into the device and/or another location,the right to copy the digital content, the right to copy portions of thedigital content, the right to copy specific parts of the digitalcontent, and other rights related to an end user in connection with anend use or distribution of the digital content. These might be checkedby the policy to produce a result that might be one or more possibleactions such as allowing the output to be transmitted to the digitalappliance 220, disallowing the output from being transmitted to thedigital appliance 220, erasing the digital content file or part of thedigital content file, and/or allowing or disallowing operations such assearch, edit, save, and other operations that a user may perform whilein an end use of the digital content.

A formatter in the DRM device 210 participates in the process ofrendering the digital content for an end use by the user. In someembodiments, where the optional co-processor chip 119 is available, theformatter may utilize the co-processor chip as parts of its formattingoperation; this invention is not so limited.

In some embodiments the digital content is at least an encoded digitalaudio file such as MP3, MP3-pro, Ogg-vorbis, AAC, DTS, Dolby, ADPCM,WMA, or the like (for a sample list of digital audio formats refer tohttp://sox.sourceforoe.net/AudioFormats.html.) The formatter decodes thedigital content as part of the rendering process, for example transformsan encoded MP3 file to a decoded raw WAV file which may later berendered to an audio signal to be presented for an end use to the user.In other embodiments, where the digital content is at least an encodeddigital audio file, the formatter only partially decodes the file. Insome embodiments, where the digital content is at least one encodeddigital audio file, the formatter processes one or more of the files toproduce an output that will be used for rendering audio, for example,the file may contain data that describes certain frequencies oramplitudes within the target audio

In some embodiments the digital content is at least an encoded digitalvideo file such MPEG1, MPEG2, MPEG4, WMV, DIVX, XVID, 3UVX, H.263,H.264, Quick time 6, Real, Windows Media or the like (for a sample listof digital video formats refer tohttp://www.webopedia.com/Multimedia/Video/Video_Formats/). The formatterdecodes the digital content as part of the rendering process, forexample transforms an encoded MPEG2 file to a decoded YUV file. In otherembodiments, where the digital content is at least an encoded digitalvideo file, the formatter only partially decodes the file. In someembodiments, where the content is at least an encoded digital videofile, the formatter processes one or more of the files to produce anoutput that will be used for rendering video, for example, the file maycontain data that describes certain frames or colors within the framesthat affect the presentation of the target video.

In some embodiments, where the content is at least a softwareapplication or a game, the formatter may generate attributes such asimages, run time code or outputs of algorithms that are utilized tocreate or visualize a software scenario or game scene.

In some embodiments the content is at least a digital book or a sectionof a digital book and the formatter at least generates a layout from thecontent for its presentation. In other embodiments of the formatter, thedigital content is at least a digital book or a section of a digitalbook and the formatter at least generates an image from the content.

Digital appliance 220 receives and sends data from/to DRM device 210through interface 221. Digital appliance 220 may process data. Digitalappliance 220 may prepare digital content file for rendering. Digitalappliance 220 may actually render digital content, for example bydisplaying a page of an ebook on a computer screen or sending audiosignal to the audio processing electronics and eventually to thespeakers.

FIG. 3 is a flowchart of an exemplary method for preparing a raw digitalaudio or video content file C for use with a DRM Device 110. Thepractice of preparation of raw digital content file such includes stepsof compressing the digital content in order for the digital content fileto occupy less storage space and consume less network resources whiletransmitted.

In preparing the digital content file for use with a DRM device, severalassumptions are made. Firstly, if the entire digital content file C willat any point be fully present on a digital appliance, it will becracked; thus, at least part of the digital content file must always bestored elsewhere, specifically on the DRM device. Secondly, for costreduction purposes, the DRM device may have a much weaker computationalcapability than the hosting digital appliance. This means that the DRMdevice may not be able to execute all the computations necessary toprepare file C for presentation. Therefore when preparing the contentfile C for presentation, part of the data processing must be executed onthe host digital appliance.

In step 301 content C exists in raw digital form as a file C, ready tobe rendered. In some embodiments content C is a document, image, audiofile, video file, software, game, parts of or combinations of the above,or any other type of digital content, this invention is not so limited.

In step 302 the file C is processed to produce files A and B such thatthere exist transformations f( ), g( ), h( ) for whichC≈F=f(g(A),h(B))  Eq. (1)where f, a recombination algorithm executed on files g(A) and h(B), willproduce F which is an identical copy or an almost identical copy (tohuman sight, sound and other perceptions) of the original file C. Analmost identical copy file F is a file that can be rendered for usagewith a minor degradation in quality or no degradation in quality incomparison to the original content file C when being used by an enduser. File A and B are digital content files derived from the originalfile C, but each on its own lacks critical data necessary to beprocessed for use as a reasonably presentable digital content file.Using the transformations f( ), g( ) and h( ) files A and B can bereconstructed into file F.

In some embodiments, file A is intended for processing on the digitalappliance and file B is intended for processing in the DRM device. Inthis case, at no time is file B available to the digital appliance.

According to some embodiments, transformation fo reproduces an exactcopy of original file C, such thatC=F=f(g(A),h(B)).  Eq. (2)

The files A and B and the transformations f( ), g( ), h( ) may beadjusted to different types of content, this invention is not solimited.

An example of an original video file C is a file formatted in the YUVfamily of uncompressed video formats, and the like.

In some embodiments, for a digital content file C containing acopyrighted movie, an example of partitioning file C may be file Acontaining at least a processed form of the video information, and fileB containing at least a processed form of the audio information, wherefile A is at least a compressed MPEG form that does not contain anyaudio and file B is at least the matching compressed audio.

In some embodiments, where video file C is formatted in the YUV familyof uncompressed video formats, file A contains at least the Y and Uchannels and file B contains at least the V channel.

In some embodiments, where file C is a video file, file B contains atleast some of the key-frames of an encoded form of file C, and file Acontains at least the inter-frames which include the remaininginformation required to produce file F.

In some embodiments, relevant to both audio files C and the audio partof video files C is file A containing at least certain audio frequencyranges that can be used in the reproduction of F and file B containingthe remaining frequency ranges.

In some embodiments, relevant to both audio files C and the audio partof video files C file A is stuffed with dummy data and file B holds allinformation necessary to remove the dummy data.

In some embodiments, where digital content file C is time oriented, fileA may be a time shuffled version of file C, where each shuffled segmentis several seconds long. In this case file B contains informationnecessary to un-shuffle file A. The length of each shuffled segment maybe less than, equal to, or greater than several seconds, this inventionis not so limited. The lengths of each of the shuffled segment may bedifferent, this is invention is not so limited.

In some embodiments, where digital content file is time oriented, file Amay be similar to file C, except that it has missing segments. Themissing segments make up file B. It may be appreciated that the moremissing segments in file A, the less usable file A is on its own.

In other embodiments, where digital content file C is time oriented, forexample a WAV audio file coded in MP3 format, frames of equal durationare compressed into MP3 format. In the present invention, file C in WAVformat is divided into frames slightly longer than the normal framesize. The part of the frame that is the same size as normal is codedinto MP3 and stored in file A. The remainder is stored in WAV format infile B without compression. Neither file A nor file B can be usedseparately. Trying to listen to a song based solely on file A willresult in a slight jump at the end of every frame.

In some embodiments, where file C is a software application or a game,file A contains code to be executed on the DRM device while file Bcontains code to be executed on the digital appliance. Codes in file Aand file B need to execute simultaneously in order for the softwareapplication or game to function properly. The code in file A executingon DRM device is non-deterministic. The code in file A is a central partof the software application so it cannot be replaced by an alternatehacker code in file A′ running on the digital appliance.

It may be appreciated by those skilled in the art that there exitsvarious methods to process a file C into files A and B without departingfrom the spirit of this invention. The processing may be achieved by asingle or a plurality of transformations that combined together canreproduce an identical copy or almost identical copy of the originalfile C; the invention is not so limited.

It may be appreciated by those skilled in the art that file C may bebroken into more than 2 files A and B, for example a series of file A1 .. . An, B1 . . . Bm and transformations g1( ) . . . g1( ) and h1( ) . .. hk( ) without departing from the spirit of this invention.

In step 303 files A and B are optionally amended with more informationand optionally further processed. In some embodiments, the files A, Band amendments are unified into a packaged file P.

In some embodiments, the additional information may be metadataregarding the digital content C such as title, creators, size, copyrightnotice, and any other type of information describing the digital contentC. In some embodiments, the additional information may be content usagepolicies describing what end uses may be practiced on the content. Insome embodiments, the additional information may be content usagepolicies describing what end uses may be practiced on the content with aspecified DRM device. In some embodiments, the additional informationmay be content usage policies describing what end uses may be practicedon the content with a specified DRM device attached to a specifieddigital appliance. In some embodiments a watermark may be applied. Insome embodiments, file P may be further processed, for exampleencrypted.

FIG. 4 is a flowchart of an exemplary method for rendering a digitalcontent file using DRM Device 110.

In step 401 file P is distributed through a network to the DRM devicethat is attached to a host digital appliance.

In step 402 the DRM device extracts file A and file B from file P. Thiscan follow a user request to use the content, or be executed immediatelyupon receiving file P, or executed due to any other trigger event or atany time; the invention is not so limited.

In step 403 the DRM device application checks the usage policy based onthe specified request. A usage policy in the DRM device applicationparticipates in the process of verifying the eligibility of end use ofthe content file or a part of the content file, allowing or disallowingoperations such as decrypting, formatting, and/or transmitting an outputto the digital appliance. The verification may check one or severaleligibility options, including the right to use the content file, theright to use the content file up to a certain date, the right to use thecontent file between certain dates, the right to use the content fileafter a certain date, the right to use the content file for a certainaccumulated usage time, the right to use the content file for a certainnumber of times, the right to transfer the content file, and otherrights related to an end user in connection with an end use of thecontent file. These might be checked by the policy to produce a resultthat might be one or more possible actions such as allowing the outputto be transmitted to the digital appliance, disallowing the output frombeing transmitted to the digital appliance, erasing the content or partof the content, and/or other operations that a user may perform while inan end use of the content file. If user is allowed to access the contentfile, step 404 is initiated. If user is not allowed to access thecontent file, user is notified and sequence is terminated.

In step 404 the DRM device transmits file A to the host digitalappliance for calculation of g(A).

In step 405 the DRM device processes file B to generate h(B) and thehost digital appliance processes file A to generate g(A).

In step 406 g(A) is sent from the host digital appliance to the DRMdevice.

In step 407 the DRM device calculates F=f (g(A), h(B)).

In some embodiments, h(B) may transmitted from the DRM device to thehost digital appliance for calculation of F=f (g(A), h(B)).

In step 408 file F is ready for end use.

It may be appreciated by those skilled in the art that at no pointduring the formatting process is the file B present on the digitalappliance 220.

It may be appreciated by those skilled in the art, that the partitioningof file C into files A and B enables DRM device 210 to harness thecomputational power of digital appliance 220 in the formatting process.This results in a lower cost CPU 112 and perhaps other components of DRMdevice 210.

According to some embodiments, a process internal to the DRM device 210adds additional data to the reassembled copyrighted digital content fileF. In some embodiments, a digital watermark may be added. Adding adigital watermark at this stage enables employing the unique identity ofthe device into the watermark, thus later enabling the identification ofthe device from which copyrighted content was distributed.

In some embodiments, additional data is added to file simply to enlargeit. This is so distribution of file F will be more difficult or costly.An example is enlarging a file from 500 MB to 1000 MB. A 500 MB file maybe burned onto a CD, whereas the enlarged file may not due to thelimitations of capacity of a CD of around 700 MB. File F is enlarged bystuffing it with extra dummy data.

In some embodiments transformations f( ), g( ), and h( ) may degrade atleast part of the digital content.

In some embodiments, where the content is a software application or agame, the transformation h( ) can depend on input from the digitalappliance, for example a state of the game, and input from the user at acertain time or event. In some embodiments, the transformation h( )includes algorithms that produce data to be utilized by the applicationbased on the above inputs from the digital appliance.

The processing described with respect to FIGS. 3 and 4 is illustrated ina different format by respective FIGS. 5 and 6, wherein physicalelements and process steps that correspond to those of FIGS. 1-4 areidentified with the same reference numbers but with a prime (′) added.Referring initially to FIG. 5, preparation of a digital content file Cfor transmission over the Internet or other network takes place. A firststep 302′ processes file C to produce two files A and B such that one ofthe equations (1) or (2) above is satisfied, depending upon the natureof file C and the processing being performed. This involves processingfile C into files A and B such that when the functions g(A) and h(B) aretaken and combined according to a function f(g(A), h(B)), the originalcontent file C is reconstructed either exactly or, if the type of dataand application permit, approximately. This processing is furtherperformed such that the original content file C cannot be reconstructedin an acceptable manner by having one of g(A) or h(B) alone.

The files A and B are then combined, optionally with other information,into a file P, by a step 303′. As an example, data of the files A and B,plus any other information that is desired to be transmitted, arecombined in time sequence. The files and additional information may beinterleaved with each other to add some additional degree of security.The additional information may include a portion or all of the licensedata associated with the content file C.

File P may be compressed, by a step 501, and/or encrypted, by a step503, before being stored in a content server 240′. Whether either dataencryption 503 or compression 501 of the file P is desirable depends inpart on the nature of the data and whether these functions have alreadybeen performed as part of the step 302′ when producing the files A andB. The license data is preferably encrypted before being stored in alicense server 250′. Data of a file obtained from the content server240′ and any license data obtained from the license server 250′ that areassociated with the processed file are combined in an interface 505.This combined signal is then transmitted over the Internet or some otherdata network.

The processing of the content file C may be done by the content serverbut is preferably performed by a separate computer in order to maintaina greater separation of the original content file C from the end userwho likely has access to the content server 240′. The content server240′ will typically be accessed by the content consumer, remotely overthe Internet or other network, for the processed file P data. Data of alarge number of different files C, such as different books, songs and/orvideo pieces are usually stored concurrently on the servers 240′ and250′. The content and license servers 240′ and 250′ may be implementedby a single server.

If the processing 302′ to obtain files A and B includes encrypting oneor both of them, the further encryption 503 may be omitted asunnecessary. However, if only one of the files A or B is encrypted, itmay be desirable to encrypt the file P. And even if both of the files Aand B are in encrypted form, a second encryption 503 may be performed.The encryption process may utilize a key, identification of theencryption algorithm or even the algorithm itself obtained from thelicense data.

Similarly, the data compression 501 may be omitted, particularly ifeither or both of the files A and B have been compressed as part of theprocessing 302′. Alternatively, the steps 501 and/or 503 may be doneafter the data are stored on the content server 240′, if the file P isto be compressed and/or encrypted.

Receiving the file P from the Internet or other network by a digitalappliance 220′ is shown in FIG. 6. The digital appliance provides aninterface 601 to the network. The received data is then provideddirectly to the DRM device 210′ and preferably stored in itsre-programmable non-volatile memory 114′, at least temporarily and, insome applications, permanently. The received file data are decrypted bya step 603, if the file P was encrypted by the step 503 (FIG. 5),typically using a key, identification of an algorithm or a decryptionalgorithm provided as part of the license data. Attributes of the filedata being decrypted can also be separately supplied in this manner andused for security, such as its size, name, a digest of the file,checksum or other redundancy check parameter, or a fingerprint.

In another approach, the file data may be encrypted in either of thesteps 302′ or 303 (FIG. 5) by data unique to the individual DRM device210′ (FIG. 6). This can be a serial number or other identification ofthe DRM device 210′. That identification is then supplied during thedecryption 603. Any attempt to decrypt the file data with other than thecorrect DRM device identification will then fail. Alternatively, anencryption key or key pair may be stored in the memory of each DRMdevice 210′ and used for the encryption and decryption of the datastored in it. In these cases, the content data may only be decrypted andbecome useful with the single DRM device containing the unique key oridentification. The key or identification is preferably stored in theDRM device as part of the process of manufacturing it. Neither istherefore transmitted over a network or otherwise accessible outside ofthe DRM device.

Similarly, the data are decompressed by a step 605 if necessary becausethe data of File P were compressed by the step 501 before being sentover the network. This results in file P, or something close to file Pif any compression and decompression process is lossy.

A next step 402′ extracts files A and B and any additional informationfrom file P. If the files A and B and any additional information weresent one after the other, they are separately received in time sequence.If interleaved, the received data stream is separated into the files Aand B and any additional information by knowing the interleaving patternused when the data were sent. The calculation of the function h(B) fromthe file B is performed at step 607 within the DRM device 210′. File Ais transferred, on the other hand, to the digital appliance 220′, whereg(A) is calculated at step 609 and sent back to the DRM device 210′. Thefunction f(g(A), h(B)) is then calculated from g(A) and h(B), by a step407′.

Data of the file F, which are exactly or approximately the original dataof the content file C, are then rendered by a step 611 into a form foruse by a particular type of digital appliance 220′, such as a personalcomputer. This step may include limiting the form of the file data thatare passed to a utilization portion 613 of the digital appliance 220′,possibly according to the license data, in a manner that render the datain a form useful for the intended purpose but not particularly usefulfor unlicensed copying and/or distribution.

For a relatively small static content file C, such as the text of a bookor other document, the entire results of calculating g(A) in the digitalappliance 220′ and h(B) by the DRM device 210′ may be stored entirelywithin its memory 114′ and the processing of FIG. 6 performed on theentire file. But it is more common to perform the process of FIG. 6 in arepetitive, iterative manner on only a portion of the data files at onetime. For example, if the content is music or video data, then thereconstruction of a portion of the files A and B in the DRM device 210′is performed frequently, such as 50 times per second. Short correlatedpieces of files A and B are processed at one time in the mannerillustrated by FIG. 6, followed by the next in time sequence ofcorrelated pieces of the files A and B processed in the same manner, andso forth. Such repetitive, iterative processing is utilized particularlywhen the processed file received by the DRM device 210′ is too large forthe available storage capacity of the memory 114′, or when it is desiredto perform the calculations and render the result in real time as thedata are received by the DRM device.

In addition to the protection that data encryption provides, licensedata provided by the content provider and stored in the memory 114′ mayfurther control operation of the DRM device 210′. The license data canlimit use of a particular data file to a specific number of times, arange of dates, and the like. It can also control the formatting 611 torender the data in a particular limited way specific to the DRM deviceor user. These are checked and controlled by an eligibility verificationstep 614. When attempting to operate outside of such license rights,processing and rendering the data within the DRM device 210′ can beterminated entirely, as illustrated by interrupting one or moreessential data transmission paths at 615, 617 and/or 619. If licensedata are included in the additional information, they may instead beused to control these data transmission paths and also applied to any orall of the blocks 607, 609, 611 and 614. A primary aspect of theprocessing described above takes place by preparing data of the file Cfor transmission at a step 302′ of FIG. 5, and then by reversing theeffect of the step 302′ in the DRM device and digital appliance by thesteps 607, 609 and 407′ of FIG. 6. This part of the processing of FIGS.3-6 is illustrated in a different format in FIG. 7. In an exampleimplementation, the content file C is separated by processing 651 intocomponents C₁ and C₂. These components are then individually processedby respective processing 653 and 655. The result of the processing 653is file A, and the result of the processing 655 is the file B. Theprocessing 653 and 655 can be encryption, compression or some other formof processing. The type of processing 653 and 655 need not be the same.Also, both of the processing steps 653 and 655 need not always beperformed.

Files A and B are then usually transmitted over a network such as theInternet, in the form of the previously described file P or otherwise.When received, the data of file A are subjected to processing 657 thatis the inverse of the processing 653. That is, if the processing 653compresses data to form file A, the processing 657 decompresses the dataof File A. Similarly, the received data of file B are subjected toprocessing 659 that is the inverse of the processing 655. The productsg(A) and h(B) of this processing are then combined at 661 by a processthat is the inverse of the separation process 651. The result of thecombination is file F, which is either exactly or approximately the sameas the original file C, depending on whether any of the intermediateprocessing has created any data loss or distortion.

In one of the embodiments described above, where the file C containsdata of a movie, the file is divided into a video component C₁ and anaudio component C₂. File A results from the processing 653 of the videocomponent C₁, such as by compression, and file B from the processing 655of the audio component C₂, which may also be compression. The processingstep 657 then decompresses File A with an inverse of the compressionalgorithm used in the step 653. Similarly, File B is decompressed by theprocessing 659 with an inverse of the algorithm used for the processing655.

In another of the embodiments described above, the frequency range of anaudio file C is divided into two distinct component ranges C₁ and C₂ bythe step 651. File A results from the processing 653 of the C₁ componentdata, and File B from the processing 655 of the C₂ component data.

In another embodiment described above, the separation processing 651divides color components of a video signal file C into two parts, file Abeing formed of one or more but less than all the components, and file Bincluding the remaining component(s). Combining the processed files Aand B in the step 651 puts all the color components back into data F ofa single video signal.

In others of the embodiments described above, the processing 651includes generating the component C₁ by making some modification to thefile C₁ while the component C₂ holds information necessary to reversethat modification. The processing 661 then combines data in a manner toreverse the modification. Such modifications include adding dummy data,time shuffling the data or removing data segments.

The DRM device 210′ is most conveniently implemented in one or more ofthe flash memory cards or flash drives that are commercially available.Suitable memory cards are those sold under the trademarks CompactFlash(CF), Multi-Media Card (MMC), Secure Digital (SD), miniSD, TransFlash,Memory Stick and others. Flash drives sold under the Cruzer trademarkcan also be used. SanDisk Corporation, the assignee hereof, manufacturesand sells these memory cards and flash drives. They are suitable becausethey have enough processing power to both manage the flash memory andperform the processing indicated in FIG. 6 for most applications.

By offloading the calculation of g(A) from the DRM device 210′ to thedigital appliance 220′, even cards or drives with a lesser amount ofprocessing power may still be used, usually at a lower cost. The moreprocessing intensive calculations are then caused to be performed by thedigital appliance 220′, which will often have much more processingcapability than the flash device. For security, the digital appliancehas access to only part of the original file C, namely g(A) in thisexample, which is not useful by itself. Indeed, the division of theoriginal content file C (FIG. 5) into files A and B may be performed sothat a vast majority of the data are kept within the file A and onlyenough data to render the file A useless by itself are placed in thefile B. This allows the usually superior processing power and memorycapacity of the digital appliance 220′ to be utilized to calculate g(A)while a relatively small amount of processing power and memory capacityof the DRM device 210′ are necessary to calculate h(B) and render thefile F (FIG. 6). This can be especially useful when the content is highdata rate streaming audio or video content since both devices need tokeep in synchronism by processing corresponding pieces of g(A) and h(B)within the same increment of time. A ratio of processing power betweenthe two may be two, four, ten or more, and a ratio of the memory storagecapacity of the two may be similar. The relatively modest DRM devicethereby controls reconstruction of the content file C with security anddigital rights management. The same principle can also be applied in thereverse case, when the digital appliance has the lesser processing powerand/or memory capacity than the DRM device.

The structure of such a flash memory device 701 is generally illustratedin FIG. 8. It contains flash memory 114′ having an array or arrays offlash memory cells formed on one or more semiconductor integratedcircuit chips. A memory controller 703, usually formed on another chip,typically includes a bus 705 extending between an interface 707 with theflash memory 114′ and an interface 709 of the device. Connected to thebus 705 are a micro-processor 711, a memory 113′, including volatilerandom-access-memory (RAM), and typically one or more circuits formaking special purpose calculations, such as a circuit 713 forcalculating error correction codes (ECCs) from the data and a securityprocessing circuit 715. An external connector 717 is formed on anoutside of the memory device, with a mechanically and electricallymating connector 719 on the digital appliance 220′.

The microprocessor 711 of the memory device 701 of FIG. 8 makes thecalculations described for the DRM device 210′ of FIG. 6. Firmware thatis executed by the microprocessor 711 to make these calculations istypically stored in the flash memory 113′ and loaded into the controllermemory 113′ as necessary. The flash memory 114′ may be partitioned intoat least two parts, one part being addressable by the user for writingand reading user data, as well as encrypted file P content. A logicaladdress space specified for the memory device is mapped into this useraccessible first part. The second part of the memory 114′ is madeinaccessible to the user, and is typically used to store content that isnot to be accessed directly by the user, data of encryption keys, aserial number or other unique identification of the device and theoperating firmware. When data received by the DRM device 210′ andintermediate products of the calculations illustrated in FIG. 6 arestored in the second part of the memory 114′. Data of one of the files Aor B, or both, extracted by the step 402′, or sequential small portionsof them, are examples of intermediate calculation results that are sostored. File F may also be stored in this manner until outputted to thedigital appliance 220′. The controller 703 has access to this secondpart in order to perform its functions but it is not within the logicaladdress space of the memory device that is seen by the digital appliance220′.

The form of the connector 717 (FIG. 8) is specific to the standard forthe particular memory card or flash drive employed. Many such standardsexist. For example, a public document describing the physical and someelectrical characteristics of the SD Card is available from the SDAssociation (SDA): “Simplified Version of: Part 1 Physical LayerSpecification Version 1.01,” dated Apr. 15, 2001. Specifications of theTransFlash memory card are available from SanDisk Corporation.Mechanical and electrical details of the USB interface are provided bythe “Universal Serial Bus Specification,” revision 2.0, dated Apr. 27,2000. Another, higher transfer rate interface, known as FireWire, isspecified by the following standard of the Institute of Electrical andElectronics Engineers (IEEE): “IEEE Standard for a High PerformanceSerial Bus,” document no. IEEE 1394-1995, as amended by document nos.IEEE 1394a-2000 and IEEE 1394b-2002. The foregoing specifications andstandards are incorporated herein by these references.

A common form of the DRM device 210′ and digital appliance 220′ is shownin FIG. 9. The DRM device 210′ is a flash drive having a USB plug 717′for removable insertion into an USB receptacle 719′ on the digitalappliance 220′, which will commonly be a personal computer, notebookcomputer or other host that contains an USB receptacle. Of course, otherdigital appliances may provide similar connectivity for other forms ofthe memory device. Alternatively, the plug 717′ may be in the form of aFireWire connector. Further, wireless communication may be used betweenthe digital appliance 220′ and DRM device 210′ instead of a wiredconnection between them.

The use of an SD card 210″ as the DRM device is also illustrated in FIG.9, being removably inserted into a card slot 719″ of the digitalappliance 220′ to electrically connect with its external contacts 717″.Some form of memory card adaptor, such as one that also plugs into a USBreceptacle of a digital appliance, may be employed instead of utilizinga dedicated card slot on the digital appliance itself.

Another memory storage device very useful for the DRM device is a memorycard having two different external connectors on the card that bothconnect to the internal memory controller, one for insertion into a USBreceptacle and another with a standard set of card contacts, such asaccording to the SD card standards. Such a device is described in twoUnited States patent applications filed Apr. 16, 2004, Ser. No.10/826,801, entitled “Memory Cards Having Two Standard Sets ofContacts,” and Ser. No. 10/826,796, entitled “Memory Card with TwoStandard Sets of Contacts and a Contact Covering Mechanism.” Both ofthese applications are incorporated herein by these references.

It is also desirable to manufacture the DRM device in a manner thatmakes it difficult to be disassembled. This provides additional securityof the data stored in it. One such manufacturing technique and a flashdrive resulting from it are described in United States patentapplication publication no. 2004/0137664A1, which application isincorporated herein in its entirety by this reference.

Any visual content of the file C may be viewed by the user on thedigital appliance's visual display 721, and any audio content heardthrough audio speakers 723 or earphones. The digital appliance 220′ mayinclude only one of the display 721 or the audio source 723, or multiplecopies of one of them, if dedicated to reproduce only visual or audiocontent, respectively. Some other human sensory transducer may be usedwhen appropriate for reproducing data of the content file C.

The description above contemplates that the DRM device is implemented inthe form of a memory card or flash device that is removable from thedigital appliance. However, there are applications where it is desirableto permanently install the DRM device within a digital appliance, anexample being where the digital appliance is highly portable such as anaudio MP3 player. In such a case, the DRM device is preferablyseparately formed in a sealed package to increase the difficulty of itbeing disassembled, thereby increasing the security of the data beingprocessed.

Although the present invention has been described with reference toparticular embodiments, it is not to be construed as being limitedthereto. Various alterations and modifications can be made to theembodiments without in any way departing from the scope or spirit of thepresent invention.

1. A method of communicating digital data over a communications network,comprising: separating the digital data into at least first and secondunits of data, transmitting the units of data over a communicationsnetwork in a manner that the units of data maintain their separateidentities, processing the at least first and second units of datareceived over the communications network in different respective ones ofat least first and second electronic systems, combining the processedunits of data in the first electronic system, and utilizing the combinedunits of data in the second electronic system.
 2. The method of claim 1,wherein the first electronic system is formed as a hand-held device witha first connector that mechanically and electrically mates with a secondconnector on the second electronic system that includes a host digitalappliance.
 3. The method of claim 1, wherein the digital data includemultimedia data having both video and audio components, and wherein thefirst unit includes compressed data of the video component without dataof the audio component and the second unit includes compressed data ofthe audio component.
 4. The method of claim 1, wherein the digital dataare of a video signal having a plurality of components, and wherein thefirst unit includes data of less than all the components and the secondunit includes data of other of the components.
 5. The method of claim 1,wherein the digital data include encoded data frames, and wherein thefirst unit includes at least key frames thereof and the second unitincludes remaining inter-frames thereof.
 6. The method of claim 1,wherein the digital data includes data of an audio signal, and whereinthe first unit includes data of at least certain audio frequency rangesand the second unit includes data of remaining audio frequency ranges.7. The method of claim 1, wherein the digital data includes data of anaudio signal, and wherein the first unit includes the audio data plusdummy data and the second unit includes data of information necessary toremove the dummy data from the first unit.
 8. The method of claim 1,wherein the digital data are of a time oriented signal, and wherein thefirst unit includes a time shuffled version of the digital data and thesecond unit includes data of information necessary to un-shuffle data ofthe first unit.
 9. The method of claim 1, wherein the digital data areof a time oriented signal, and wherein the first unit includes thedigital data with segments thereof missing and the second unit includesdata of the missing segments.
 10. The method of claim 1, wherein thedigital data are of an encoded WAV audio file and divided into frames ofdata longer than a given length, and wherein the first unit includesdata of the given length of the frames and the second unit includesremaining data of the frames.
 11. The method of claim 1, wherein thedigital data are of software, and wherein the first unit includessoftware code to be executed by the first electronic system and thesecond unit includes software code to be executed by the secondelectronic system.
 12. In a combination of a digital appliance and adigital rights management (DRM) device removably connected therewith, amethod of processing a data file received by the digital appliance,comprising: receiving the data file in a form of at least first andsecond separate units of data, processing the first unit of data in theDRM device and the second unit of data in the digital appliance,combining the processed first and second units of data in the DRMdevice, and utilizing the combined data in the digital appliance. 13.The method of claim 12, wherein the processing include decrypting atleast one of the first and second units of data.
 14. The method of claim12, wherein the first and second data units received by the digitalappliance are encrypted, and wherein the processing includes decryptingthe first unit of data in the DRM device and decrypting the second unitof data in the digital appliance.
 15. The method of claim 12, whereinthe DRM device has at least one encapsulated integrated circuitincluding a non-volatile memory, a microprocessor and a connector thatelectrically and mechanically mates with a connector of the digitalappliance.
 16. The method of claim 15, wherein the DRM device connectorand connector of the digital appliance are USB connectors.
 17. Themethod of claim 15, wherein the DRM device connector and connector ofthe digital appliance conform to those of a SD card standard.
 18. Themethod of claim 15, wherein the DRM device connector and connector ofthe digital appliance conform to those of a TransFlash card standard.19. The method of claim 15, wherein the DRM device connector andconnector of the digital appliance conform to those of a Memory Stickcard standard.
 20. The method of claim 12, wherein the communication ofdata between the digital appliance and the DRM device is donewirelessly.
 21. In a digital appliance having a digital rightsmanagement (DRM) device connected thereto, a method of processing a datafile received by the digital appliance, comprising: receiving the datafile in a form of at least first and second separate units of data,processing the first unit of data in the DRM device and the second unitof data in the digital appliance, combining the processed first andsecond units of data in the DRM device, and utilizing the combined datain the digital appliance.
 22. The method of claim 21, wherein theprocessing include decrypting at least one of the first and second unitsof data.
 23. The method of claim 21, wherein the first and second dataunits received by the digital appliance are encrypted, and wherein theprocessing includes decrypting the first unit of data in the DRM deviceand decrypting the second unit of data in the digital appliance.
 24. Adigital rights management (DRM) module, comprising: a microprocessor, asemiconductor memory, an interface for communicating data into and outof the module, and software code stored within the memory and executedby the microprocessor to: extract at least first and second parts from adata file received through the interface, process the first part of thereceived data file to form a processed first part, send the second partof the received data file back through the interface, receive the secondpart of the data file through the interface after processing as aprocessed second part, combine the processed first and second parts ofthe data file, and send at least a representation of the combinedprocessed parts of the data file back though the interface.
 25. Themodule of claim 24, wherein the processing includes decryption of thefirst and second parts of the data file received through the interfacecircuit.
 26. The module of claim 24, wherein at least the microprocessorand semiconductor are encapsulated.
 27. The module of claim 24, whereinthe interface includes a mechanical connector having electrical contactsaccessible from outside of the module.
 28. The module of claim 27,wherein the connector includes an USB connector.
 29. The module of claim27, wherein the connector includes electrical contacts according to anSD memory card standard.
 30. The module of claim 27, wherein theconnector includes electrical contacts according to a TransFlash memorycard standard.
 31. The module of claim 27, wherein the connectorincludes electrical contacts according to a Memory Stick memory cardstandard.
 32. The module of claim 24, wherein the interface includes twomechanical connectors accessible from outside of the module.
 33. Themodule of claim 32, wherein the two mechanical connectors include an USBconnector and a set of electrical contacts according to an existingmemory card standard.
 34. The module of claim 24, wherein the interfacefor communicating data into and out of the module includes a wirelesstransceiver.
 35. A system for serving digital content, comprising: atleast one server storing at least two units of data derived from digitalcontent such that the digital content cannot be reconstructed from anyone of the units alone but rather requires that processing be performedand the results of the processing combined in order to reconstruct thedigital content, and an interface adapted to send the derived at leasttwo units of data as a single data stream over a network in response toa request received over the network for the digital content.
 36. Thesystem of claim 35, wherein said at least one server additionally storesdata of rights to use the digital content, and the interface is furtheradapted to send the rights data of the digital content over the networkalong with the units of data.
 37. The system of claim 35, additionallycomprising a plurality of digital appliances with DRM devices connectedthereto for receiving the at least two units of data from said at leastone server over the network, wherein the processing of one of the unitsof data takes place in the DRM device and the processing of another ofthe units of data takes place in the digital appliance, and the resultsof this processing are combined to reconstruct the digital content file,for utilization by the digital appliance.
 38. The system of claim 37,wherein the DRM device functions to issue the request for the digitalcontent and send it over the network.
 39. The system of claim 35,wherein the amount of processing and memory capacity required to processan amount of one of the units of data is one-half or less than thatrequired to process an amount of another one of the units of data. 40.The system of claim 35, wherein the at least two units of data arederived from the digital content in a manner such that their processingis to be done in at least two different hardware devices connected witheach other and then the results of the processing combined in one of thehardware devices.
 41. The system of claim 35, wherein said at least oneserver stores at least one of the units of data in a compressed form.42. The system of claim 35, wherein said at least one server stores atleast one of the units of data in an encrypted form.